Lost job over HIPAA violation, what is employment potential?
- page 3

Hi a relative of mine was an RN. She just lost her job over a HIPAA violation. She took a cellphone picture of a patient and sent it to a friend. She later had a falling out with the friend and he... Read More

Jun 12, '10

is getting terminated for a hipaa violation a reportable offense????:redpinkhe

Jun 12, '10

I have to agree with some of the ladies here.. In no way was this harmless. You do not know that it wasn't harmful to the patient because you haven't questioned the patient. I am not yet a nurse (I start nursing school in August), but I have worked in the medical field and understand HIPAA policies. I think that to NOT reveal details of the HIPAA violation to future employers is morally wrong. I believe that any future employer should have the knowledge of the offense. Similar to how on any application, you need to list felonies and misdemeanors. Only difference between her situation and that is that she wasn't charged. I think about the fact that if I was a patient in the hospital, would I want to be treated by someone who violated the privacy of others? NO! At the very least, she needs to be put through some more SERIOUS HIPAA training!!

is getting terminated for a hipaa violation a reportable offense????:redpinkhe

Reportable to whom?

Jun 13, '10

reportable to the bon............

Jun 13, '10

a former employer can say virtually anything s/he wants about you, provided it's true. as for hipaa violations resulting in "lawsuits" and "jail time," hipaa is virtually never prosecuted, and even if it were, it's a civil offense, not a crime, meaning no jail time results. the government relies on self-policing by hospitals to enforce the law.

often a potential employer will contact an applicant's past employers. a former boss can say anything [truthful] about your performance. however, most employers have a policy to only confirm dates of employment, final salary, and other limited information. california law prohibits employers from intentionally interfering with former employees' attempts to find jobs by giving out false or misleading references. (california labor code 1050)

under california law and the laws of many other states, employees have a right to review their own personnel files and make copies of documents they have signed. if you are a state or federal employee, your personnel file is protected under the california information practices act or the federal privacy act of 1974 and can only be disclosed under limited circumstances. (california civil code 56.20; california labor code 432, 1198.5; 5 usc 552a)

jobs such as truck driver positions fall under regulations of the federal department of transportation. employers are required to accurately respond to an inquiry from a prospective employer about whether you took a drug test, refused a drug test, or tested positive in a drug test with the former or current employer. (49 cfr 40.25, 49 cfr 382.413. [color=#1c26ce]www.fmcsa.dot.gov/rulesregs/fmcsrhome.htm

As for HIPAA violations resulting in "lawsuits" and "jail time," HIPAA is virtually never prosecuted, and even if it were, it's a civil offense, not a crime, meaning no jail time results. The government relies on self-policing by hospitals to enforce the law.

Not sure where you got that info from. While it's true that HIPAA violations rarely get to the point of formal prosecution (individuals usually just get fired promptly by their healthcare employers), the law includes both civil (against facilities) and criminal (against individuals) penalties:

"Criminal Penalties. A person who knowingly obtains or discloses individually identifiable health information in violation of the Privacy Rule may face a criminal penalty of up to $50,000 and up to one-year imprisonment. The criminal penalties increase to $100,000 and up to five years imprisonment if the wrongful conduct involves false pretenses, and to $250,000 and up to 10 years imprisonment if the wrongful conduct involves the intent to sell, transfer, or use identifiable health information for commercial advantage, personal gain or malicious harm. The Department of Justice is responsible for criminal prosecutions under the Privacy Rule."

Jun 13, '10

[QUOTE=Freedom42;4357165][LEFT]A former employer can say virtually anything s/he wants about you, provided it's true. As for HIPAA violations resulting in "lawsuits" and "jail time," HIPAA is virtually never prosecuted, and even if it were, it's a civil offense, not a crime, meaning no jail time results. The government relies on self-policing by hospitals to enforce the law.

Don't be too confident about HIPAA violations not being prosecuted. There was a recent case of someone given jail time for a HIPAA violation.
See the article under the Nursing News section of the forum (I'd post a link to it but I don't know how)
I actually feel rather intolerant toward the person the OP wrote about. I believe that anyone guilty of such an egregious violation SHOULD have difficulty in finding another nursing job. Perhaps they need to spend some time in a position where they don't have the opportunity to violate someone else in such a manner.

prospective and former employers share a common interest in exchanging job reference information. a

prospective employer seeks to validate the job performance and qualifications of an applicant prior to hiring. in addition, the prospective employer has a duty to protect its employees and customers from potential injuries caused by employees whom the employer knew or should have known posed a risk or harm to others. this duty is breached when an employer fails to seek references prior to making employment decisions, and the employer may be held liable for negligent hiring2.

a former (or current) employer provides employment references to assist former employees in obtaining future employment, and also does so in good faith with the hope that, in return, s/he will receive an honest evaluation from other employers when hiring new employees. the courts recognize that employers do not have any duty to disclose information about their employees. however, if an employer chooses to provide a reference or recommendation, the reference giver must include factual negative information that may be material to the applicant’s fitness for employment in addition to any positive information.

campus managers and supervisors who provide employment references on current or former employees must be aware that untrue, incomplete, or misleading information may cause a different liability -

negligent referral. the court in randi m. v. livingston union school district, 1995 cal. app. lexis 1230 (dec. 15, 1995), found that, “a statement that contains only favorable matters and omits all reference to unfavorable matters is as much a false representation as if all the facts stated were untrue.”

reference-checking has taken on new importance with the dramatic increase in workplace violence. former employers can be sued for negligent misrepresentation or negligent referral if the employee is involved in some incident at the new workplace that might have been predicted based on prior behavior. negligent referral or misrepresentation includes the failure to disclose complete and accurate information about former employees. on the other hand, current employers increasingly face the possibility of being sued for negligent hiring if they fail to adequately check the backgrounds of their employees and an employee behaves in some inappropriate manner.

under "negligent referral"., one could disclose that employee comitted hipaa violation when that is a reaon for termination, especially if serious breach. nursing has a code of professional ethics --your friend also breached by this unprofessional conduct. intentional breaches of patient privacy such as taking photograph of patient without consent, may be reportable to boards of nursing with license sanctions to license termination depending on seriousness of breech.

Don't be too confident about HIPAA violations not being prosecuted. There was a recent case of someone given jail time for a HIPAA violation.
See the article under the Nursing News section of the forum (I'd post a link to it but I don't know how)
I actually feel rather intolerant toward the person the OP wrote about. I believe that anyone guilty of such an egregious violation SHOULD have difficulty in finding another nursing job. Perhaps they need to spend some time in a position where they don't have the opportunity to violate someone else in such a manner.[/quote]

As of 2007, of 336 HIPAA complaints, four resulted in criminal prosecutions. These were complaints related not to release of health care information, but for fraudulent use of health care information; in other words, use of information for personal financial gain. These individuals were prosecuted in conjunction with other crimes, such as using the information to obtain credit card info and commit theft.

As of 2007, of 336 HIPAA complaints, four resulted in criminal prosecutions. These were complaints related not to release of health care information, but for fraudulent use of health care information; in other words, use of information for personal financial gain. These individuals were prosecuted in conjunction with other crimes, such as using the information to obtain credit card info and commit theft.

While I agree that HIPAA violations v. rarely get to the point of actual prosecution, you're not suggesting, are you, that that means that violation of client confidentiality isn't a serious matter (because there's little chance of getting prosecuted)???

Jun 16, '10

This is not an usual situation, unfortunately. Picture taking, posting pictures and information to facebook pages, etc seems to be done with little to no thought. Do I think most of these nurses are disrespectful or malicious? No! I think they just don't think. And having camera phones, at the ready, makes these mistakes so much easier. In my opinion, cell phones should stay in the locker (unless required for your job) and only accessible at breaks and lunch. That all being said...here is my two cents. Your relative made a mistake...an error in judgement. Life didn't end and there was no bad outcome to the patient. Was it wrong? Yes. Was it the worst that she could do, as I nurse? No. My thinking is that her hospital felt the same way or they wouldn't have given the resignation option. Frankly, I'm glad that she is feeling this nervous and remorseful. It shows that she recognizes the error and likely won't make it again. Isn't that the lesson we want from any mistake?

At my hospital, all reference checks come through the personnel dept. and they only give dates of employment and job title. Your relative may want to check her hospital's reference policy before she goes job hunting. Also, even though she would reflect as a voluntary resignation and doesn't HAVE to disclose the reason for termination, it is wise for her to be honest during the interview process. The nursing community can be quite small and if she was hired and her new employer heard this information from someone else, it would be worse for her.

I think she can work again as a nurse but as mentioned, in this column, it's a tight market. Good luck to her!

As long as it is true, the former employer can state it, when responding to questions about former employees. If the employer says it, it is considered to be true. The individual quit, further reinforcing what the employer may say.

BY law they may only give hire date, end date, and whether or not for re-hire. You can tell your next employer that you did not leave on good terms, and reason is personal; that they will probably state that you are not for re-hire. Follow this by handing your references, state that you have references from that facility and will attest to your skills and job performance. CLear but vague.....admit there was a problem......but no confession. If you are pressed for further details state that you do not speak negatively about a previous employer. While this was definately act of indescretion........why do we as nurses wish to not punish and give consequences and place someone on probation.......she confessed!!!!! Why do we feel we need to beat a dead horse? This girl obviously realizes her mistake......must this follow her for the rest of her life? Heck even murderers can get parole and a trial by theeir peers. I have seen so many innocent mistakes, some seem agregious to be sure, with no malicious intent, ruin someones finances, life, career, and families.....for one innocent mistake.......punish someone, give consequences, but don't whip them death. Everyone makes mistakes, but as so often I have seen, the punishment far outways the offense; almost like we, as a profesion, like to see people suffer. We point fingers and claim we would never be so stupid......don't be so sure everyone makes mistakes

Jun 16, '10

First, I applaud her for admitting to the violation, albeit the motivation was driven by a threat. Under the HITECH rules, this is even more ominous because the patient must be notified, and the patient now has the right to sue the nurse as well as the hospital through the attorney general's office. Prior to the passage of this act (under the Stimulus package), and depending on which state this happened in, the most a privacy victim could do was file a complaint with the Office of Civil Rights, who could then file charges against the individual and the organization (and I've been through a couple of these as well). That is no longer the case. The patient can file suit directly, as well as file a complaint through the OCR. Further, the statute runs 6 years.

For the nurse to obtain another position in health care could be difficult. The problem is that wherever she goes, she will have access to patients' personal health information. And the regulations apply to all health care organizations (e.g. insurance companies, government entities, and in schools, FERPA applies as well). There is a trust factor. What I would suggest is that she be up front with the loss of her previous position with the hiring manager. She took a picture of a patient and sent it to another individual, and realized she shouldn't have done it, has significant remorse, reported it, and the facility let her go as a result - and she would never do any such [stupid] thing again.

That may sway the hiring manager to take a chance and hire her.

As a chief compliance and privacy officer, all I can say is that many folks (younger set) think privacy and confidentiality are new under this regulation known as "HIPAA." In actuality, Hippocrates updated the Code of Hamurabi, specifically addressing "sacred secrets" in the Hippocratic Oath. I train our folks in this area - I take it incredibly seriously. I just could never breach a patients' trust for any reason - and try to instill that in my training for staff. And now the regulatory and legal stakes are ever so much higher. I remind folks that Lawanda Jackson (public record) got 10 years for selling Farrah's information to the National Enquirer for just over $4k. That is horrific. Best of luck to your friend. It sounds like she learned her lession in a very hard way.